[squid-users] RE: Anybody using squid on openWRT ?
@Leonardo: Thanx a lot. Your logs are much better than mine, although I am closer to the site. So I have to look somewhere else, like slow DNS-resolution (I also use googles 8.8.8.8), or slow conn establishment, as now I have also seen very long response times durin initial page loads when trying to access other sites. Like some limits on no. of conns somewhere, which then causes squid to hang/loop, until conn established. So squid would be victim only. BTW: These small boxes from open-mesh.com, I am hacking, are very neat for small hotspots. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Anybody-using-squid-on-openWRT-tp4667335p4667387.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Squid not listening on any port
This is a bit strange: 2014/08/25 09:19:42| pinger: Initialising ICMP pinger ... 2014/08/25 09:19:42| pinger: ICMP socket opened. 2014/08/25 09:19:42| Pinger exiting. 2014/08/25 09:21:04| Current Directory is /root 1) Pinger exiting. You might try to disable pinger in squid.conf pinger_enable off 2) Did you manually restart squid at 09:21:04 ? Just for completeness: Pls, publish squid.conf, without comments. Anonymized. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-not-listening-on-any-port-tp4667004p4667388.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] ICAP: entry went bad while waiting for adapted headers
Hi All, I develop ICAP server for squid. Occasionally squid closes connection to my server, before all necessary data is written back to squid. This happens when answer on RESPMOD request to squid is sending. Following error found in log: 2014/08/20 13:56:20.063 kid1| Server.cc(265) abortOnBadEntry: entry is not Accepting! 2014/08/20 13:56:20.063 kid1| http.cc(2404) abortTransaction: aborting transaction for entry went bad while waiting for adapted headers; , this 0x7f653072e318 Issue reproduces randomly on different sites and different content types. Could any expert advice how to debug such an issue, and what could be a root cause. Thanks for your help. WBR, Maxim
[squid-users] Re: Squid not listening on any port
hi, thanks, yes I did reboot. [root@dxb-squid34 ~]# cat /etc/squid/squid.conf # # ### ### MAIN v01-PROX ### # # # Listen Port http_port 8081 # # ### ### ACL DEFINITIONS ### # # #acl CONNECT method CONNECT #deny_info http://10.11.1.25/bannedfiles.php CONNECT acl allowfiles dstdomain /etc/squid/local/good/files http_access allow allowfiles acl allow50MBfiles urlpath_regex -i /etc/squid/local/good/allow50MBfiles http_access allow allow50MBfiles acl blockfiles urlpath_regex -i /etc/squid/local/bad/blockfiles deny_info http://10.11.1.25/bannedfiles.php blockfiles http_access deny blockfiles #acl blockhttps dstdomain -i /etc/squid/local/bad/blockhttps #deny_info http://10.11.1.25/bannedfiles.php blockhttps #http_access deny CONNECT blockhttps # acl AdminBoxes src 127.0.0.1 acl Purge method PURGE http_access allow AdminBoxes Purge http_access deny Purge # # ### ### ACL NETWORKS ### # # acl polarcus-rd src 10.0.0.0/8 acl polarcus-rd-dst dst 10.0.0.0/8 acl polarcus-rd-dst dst x/22 acl polarcus-rd-v01 dst 10.x.0.0/16 acl survopt dst x/26 # Company Internal Sites acl dxb-rd src 10.x.0.0/14 acl sto-rd src 10.x.0.0/16 acl v01-rd src 10.x.0.0/16 acl v02-rd src 10.x.0.0/16 acl v03-rd src 10.x.0.0/16 acl v04-rd src 10.x.0.0/16 acl v05-rd src 10.x.0.0/16 acl v06-rd src 10.x.0.0/16 acl v07-rd src 10.x.0.0/16 acl v08-rd src 10.x.0.0/16 acl v2v-rd src x.16.64.0/22 # Current Site Specific ... # Misc #acl manager proto cache_object acl localhost src 10.11.1.29/32 acl to_localhost dst 10.11.1.29/32 # Safe ports acl SSL_ports port 443 21 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http # Connect Methods acl CONNECT method CONNECT # For FTP acl FTP proto FTP # # ### ### ACL RULES - ACCES DENIED / GRANTED ### # # # Only allow cachemgr access from localhost http_access allow manager #http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # Deny access to web services on localhost http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # ... #http_access deny social-sites #http_access deny banned-sites # Finally deny all other access to this proxy http_access allow localhost http_access deny all # # ### ### OTHER TAGS ### # # # Make sure we only use the indirect client and not the X-Forwarded-For list acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on # The following are needed only if your upstream proxy is using NTLM authentication #client_persistent_connections on #server_persistent_connections on #persistent_connection_after_error on # # ### ### UPSTREAM PROXY SETTINGS ### # # # Setup Peer (downstream proxy) #cache_peer sto-prox.plcs.local parent 8081 0
[squid-users] Re: Squid not listening on any port
babajaga wrote 1) Pinger exiting. You might try to disable pinger in squid.conf pinger_enable off Just for completeness: Pls, publish squid.conf, without comments. Anonymized. Disabled and it started listening! Thanks a lot... [root@dxb-squid34 ~]# squid -N -d 9 2014/08/26 16:48:43| Warning: empty ACL: acl blockfiles urlpath_regex -i /etc/squid/local/bad/blockfiles 2014/08/26 16:48:44| Current Directory is /root 2014/08/26 16:48:44| Starting Squid Cache version 3.4.6 for x86_64-unknown-linux-gnu... 2014/08/26 16:48:44| Process ID 2014/08/26 16:48:44| Process Roles: master worker 2014/08/26 16:48:44| With 4096 file descriptors available 2014/08/26 16:48:44| Initializing IP Cache... 2014/08/26 16:48:44| DNS Socket created at 0.0.0.0, FD 6 2014/08/26 16:48:44| Adding nameserver 10.11.1.11 from squid.conf 2014/08/26 16:48:44| Adding nameserver 10.11.1.12 from squid.conf 2014/08/26 16:48:44| helperOpenServers: Starting 0/100 'squidGuard' processes 2014/08/26 16:48:44| helperOpenServers: No 'squidGuard' processes needed. 2014/08/26 16:48:44| Logfile: opening log /var/log/squid/access.log 2014/08/26 16:48:44| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/access.log' 2014/08/26 16:48:44| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2014/08/26 16:48:44| Logfile: opening log /var/log/squid/store.log 2014/08/26 16:48:44| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/store.log' 2014/08/26 16:48:44| Swap maxSize 210944000 + 2097152 KB, estimated 16387780 objects 2014/08/26 16:48:44| Target number of buckets: 819389 2014/08/26 16:48:44| Using 1048576 Store buckets 2014/08/26 16:48:44| Max Mem size: 2097152 KB 2014/08/26 16:48:44| Max Swap size: 210944000 KB 2014/08/26 16:48:44| Rebuilding storage in /cache2/squid (dirty log) 2014/08/26 16:48:44| Rebuilding storage in /cache3/squid (dirty log) 2014/08/26 16:48:44| Rebuilding storage in /cache4/squid (dirty log) 2014/08/26 16:48:44| Using Least Load store dir selection 2014/08/26 16:48:44| Current Directory is /root 2014/08/26 16:48:44| Finished loading MIME types and icons. 2014/08/26 16:48:44| HTCP Disabled. 2014/08/26 16:48:44| Squid plugin modules loaded: 0 2014/08/26 16:48:44| Adaptation support is off. 2014/08/26 16:48:44| Loading cache_dir #0 from /cache1/squid/rock 2014/08/26 16:48:44| Accepting HTTP Socket connections at local=0.0.0.0:8081 remote=[::] FD 17 flags=9 2014/08/26 16:48:44| Done reading /cache2/squid swaplog (0 entries) 2014/08/26 16:48:44| Store rebuilding is 0.00% complete 2014/08/26 16:48:44| Done reading /cache3/squid swaplog (0 entries) 2014/08/26 16:48:44| Done reading /cache4/squid swaplog (0 entries) 2014/08/26 16:48:53| Finished rebuilding storage from disk. 2014/08/26 16:48:53| 1638394 Entries scanned 2014/08/26 16:48:53| 0 Invalid entries. 2014/08/26 16:48:53| 0 With invalid flags. 2014/08/26 16:48:53| 0 Objects loaded. 2014/08/26 16:48:53| 0 Objects expired. 2014/08/26 16:48:53| 0 Objects cancelled. 2014/08/26 16:48:53| 0 Duplicate URLs purged. 2014/08/26 16:48:53| 0 Swapfile clashes avoided. 2014/08/26 16:48:53| Took 8.71 seconds ( 0.00 objects/sec). 2014/08/26 16:48:53| Beginning Validation Procedure 2014/08/26 16:48:53| Completed Validation Procedure 2014/08/26 16:48:53| Validated 0 Entries 2014/08/26 16:48:53| store_swap_size = 16.00 KB 2014/08/26 16:48:53| storeLateRelease: released 0 objects -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-not-listening-on-any-port-tp4667004p4667391.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Very slow initial reply
Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) � destinada exclusivamente �s pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conte�do e sem reproduzi-la ou divulg�-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately.
Re: [squid-users] Very slow initial reply
Can you try to use dns_v4_first on? Eliezer On 08/26/2014 08:32 PM, Bruno Guerreiro wrote: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657
Re: [squid-users] Very slow initial reply
On my squid box it shows DNS failure. 014/08/26 15:15:09.243 kid1| ModEpoll.cc(139) SetSelect: FD 8, type=1, handler=1, client_data=0, timeout=0 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1362) idnsRead: idnsRead: FD 8: received 55 bytes from 127.0.0.1:53 2014/08/26 15:15:09.243 kid1| dns_internal.cc(1169) idnsGrokReply: idnsGrokReply: QID 0xf689, -2 answers 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1234) idnsGrokReply: idnsGrokReply: error Server Failure: The name server was unable to process this query. (2) 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1092) idnsCallback: Merging DNS results www.lusitania.pt A has 3 RR, has -2 RR 2014/08/26 15:15:09.244 kid1| dns_internal.cc(1125) idnsCallback: Sending 3 (OK) DNS results to caller. 2014/08/26 15:15:09.244 kid1| ipcache.cc(498) ipcacheParse: ipcacheParse: 3 answers for 'www.lusitania.pt' 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #0 212.55.134.4 2014/08/26 15:15:09.244 kid1| ipcache.cc(556) ipcacheParse: ipcacheParse: www.lusitania.pt #1 62.28.187.7 2014/08/26 15:15:09.245 kid1| client_side_request.cc(546) hostHeaderIpVerify: validate IP 62.28.187.7:80 non-match from Host: IP 212.55.134.4 2014/08/26 15:15:09.245 kid1| client_side_request.cc(541) hostHeaderIpVerify: validate IP 62.28.187.7:80 possible from Host: Thanks 2014-08-26 14:32 GMT-03:00 Bruno Guerreiro bruno.guerre...@ine.pt: Hello. Some of our user are complaning about very slow access to some sites. After some tests i've noticed that the time between squid receiving the request, and actually connecting to the site itself is very high. After this wait all the objects in the page are fetch rather quickly. I've tried upgrading to 3.4 but the issue persists. No auth in place, and the Squid server is connected to internet via full nat. Connecting directly from the server ou via some other proxy software, like nginx, works perfectly. Here are some of the sites (this are portuguese insurance companies): www.nseguros.pt www.lusitania.pt www.logo.pt Any ideas? Thanks in advance. Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Bruno Guerreiro DMSI/IT Instituto Nacional de Estatística Tel: 218440448 - Ext: 1657 Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) é destinada exclusivamente às pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conteúdo e sem reproduzi-la ou divulgá-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately.
[squid-users] Re: Squid not listening on any port
israelsilva1 wrote babajaga wrote 1) Pinger exiting. You might try to disable pinger in squid.conf pinger_enable off Just for completeness: Pls, publish squid.conf, without comments. Anonymized. Disabled and it started listening! Thanks a lot... Now the question is: Why did pinger fail and should I bother fixing it? Thanks -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-not-listening-on-any-port-tp4667004p4667396.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Filter squid cached files to multiple cache dirs
Excellent! Thank you all very much for your help - I'll return if/when I have more questions. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Filter-squid-cached-files-to-multiple-cache-dirs-tp4667347p4667397.html Sent from the Squid - Users mailing list archive at Nabble.com.